New strategies to combat cyber attacks, from LogRhythm

_________________________________________________________________________
GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET

Some SMEs are are paying lip service to cyber security, opening themselves up to being just another statistic in the malicious cyber crime game. That’s according to Bill Smith, LogRhythm sales and customer relationship manager and Bill Taylor, LogRhythm Asia-Pacific and Japan CEO.

Taylor says that “In PWC’s 2015 Information Security Breaches Survey, 90% of large organisations reported that they had suffered a security breach, up from 81% in 2014,” Taylor says.

Smith adds that while security professionals may be taking it seriously, business operators are the ones who need to learn to balance risk against cost as they learn about the business implications and liabilities, and the true cost of inadequate protection.

“With the possible ratification of mandatory disclosure regulations, we think that companies in Australia will start to pay more attention on cyber security,” Smith says.

“In many countries where mandatory disclosure laws have been passed, we have observed an increased focus by businesses on cyber security. The reality is that regulation has created a greater sense of urgency for companies to take action,” he explains.

As a result, Smith says that organisations who embrace the new mindset of prevention rather than detection and implementing the right tools for the jobs are the ones who are successful.

Smith also mentions that ransomware and insider threats are also common, and can be either malicious or non-malicious threats coming from inside the company, driven by phishing links and drive-by downloads.

Smith says, “The most common form of non-malicious threats is naïve users clicking on phishing links and drive by downloads. With non-malicious threats forming 70% of all insider threats according to the Verizon Report, having a strong monitoring tool to monitor user behaviour is the best way to detect, respond and neutralise the threat.

“One of the most critical aspects of addressing malicious insider threats is privilege-user-monitoring which can monitor rights escalation, in the form of privilege user accounts creation like an Administrator user account,” Smith explains.

Even the smaller issues that may fly under the radar are potential deadly threats, according to Smith. Employees who use their own devices such as USB drives and external storage only blurs the security perimeter, increases the amount of risk vectors and makes security management more difficult.

This, according to Smith, “Will only get worse with the Internet of Things (IOT), with connected cars, medical and healthcare devices, building and home automation.”

So how should companies monitor and use information coming into their SIEM (security information and event management) for cyber threats? Smith says that the key is information capture from as many sources as possible, coupled with powerful machine-driven analytics that can trawl the massive amount of data looking for cyber threats.

The next major issue is finding the balance between people-managed threat analysis and automated analysis. Automated software surfaces the most important threats and vulnerabilities, while people are the ones that validate and respond to them.

“The real job of automated machine analytics is to surface only the most relevant events, because people resources are limited, says Smith.

“Instead of sifting through thousands of security events, automated software or machine analytics helps companies reduce the time to detect, respond and neutralise the threat,” Smith explains.

Relying on external security providers can lull organisations into a false sense of security when companies don’t have the internal resources to adequately manage cyber threats, and Smith believes that there is room to adopt a co-management model as a best practise.

Smith believes this co-management model involves allocating resources internally, “So not fully turning the responsibility to someone else. We believe it is impossible to capture every security aspect in a single Scope Of Work document, and it’s imperative for the company to work hand-in-glove with the external provider,” he says.